Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Briefly

The J-magic campaign has emerged as a significant cybersecurity threat targeting Juniper Networks routers through a custom backdoor. Identified by Lumen Technologies' Black Lotus Labs, this malware monitors for specific TCP 'magic packets' to initiate operations. The backdoor, a variant of cd00r, can establish command and control access once certain criteria are met. The campaign has seen widespread infections across multiple continents and industries, particularly focusing on the semiconductor and IT sectors. The use of challenge-response mechanisms may also serve to protect the attackers from rival hackers.
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor, known as J-magic, which is designed to monitor and respond to specific TCP traffic packets.
The J-magic campaign highlights the emergence of malware crafted specifically for Junos OS, marking a significant shift in the threat landscape.
Evidence suggests that infections from the J-magic campaign have been detected globally, notably in the semiconductor and IT sectors.
Lumen theorizes that the clever challenge mechanism in J-magic aims to deter other attackers from misusing the magickey for their own purposes.
Read at The Hacker News